Changes

https://xpenv.com

Compared to previous audit · 44 minutes ago View previous audit

Madrid, Spain → Singapore, Singapore

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (87)	B (85)	-2.000
Performance	A (94)	A (94)	—
Security	B (85)	C (79)	-6.000
Accessibility	B (80)	B (84)	+4.000
SEO	A (96)	B (85)	-11.000
Infrastructure	A (92)	A (94)	+2.000
Compliance	D (63)	C (70)	+7.000
Content	A+ (99)	C (76)	-23.000
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6800	7600	+800
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9800	9900	+100
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.38 s	3.03 s	-354 ms
LCP	3.83 s	3.70 s	-136 ms
TBT	490 ms	319 ms	-171 ms
CLS	0.041	0.041	—
Desktop FCP	729 ms	710 ms	-19 ms
Desktop LCP	1.03 s	791 ms	-239 ms
Desktop TBT	50 ms	16 ms	-34 ms
Desktop CLS	0.003	0.003	—
TTFB †	245 ms	160 ms	-85 ms
DNS †	8 ms	41 ms	+33 ms
TLS †	8 ms	21 ms	+13 ms
Connect †	1 ms	17 ms	+15 ms
Total †	246 ms	160 ms	-85 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL Page has only 47 words — nearly empty seo

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING Bare server default 404 page accessibility

WARNING https://xpenv.com/assets/index-7YzAFMRA.js: 260 KB unused (63%) performance

WARNING No internal links found seo

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 279ms CPU time performance

WARNING Thin content — only 47 words seo

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING https://xpenv.com/assets/index-7YzAFMRA.js: 411ms CPU time performance

WARNING No meta description tag found seo

WARNING 2 link(s) open in new tab without warning accessibility

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No canonical tag found seo

WARNING Title is only 16 characters — consider expanding seo

WARNING No Open Graph meta tags found content

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

WARNING Privacy Policy not detected compliance

WARNING https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time performance

WARNING 1 publicly-accessible JavaScript source map(s) security

WARNING Unattributable: 380ms CPU time performance

WARNING Heading level skipped: H1 → H3 (missing H2) accessibility

WARNING Login form does not contain a recognizable CSRF token security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time performance

WARNING https://xpenv.com/assets/index-C48drCrh.js: 260 KB unused (63%) performance

WARNING No privacy policy link detected compliance

WARNING <iframe> missing title attribute (src="") accessibility

CRITICAL Content-Security-Policy header is missing security

CRITICAL Transfer efficiency: 42% sustainability

CRITICAL No Content-Security-Policy header found security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Terms of Service not detected compliance

WARNING No Permissions-Policy header security

WARNING No accessibility statement detected compliance

WARNING X-Frame-Options header is missing security

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Dead-end page — no outgoing internal links seo

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING No <nav> landmark found accessibility

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Registrar lock is NOT enabled infrastructure

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Referrer-Policy header is missing security

WARNING Permissions-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

x-ipfs-roots

bafybeibv4l6siquomy46iagzb5poeezua7nqrzp627fsna4xru6kdo7ewa → bafybeicgeisyngoxppp4rzshdwwr7oidtxmq52wtg6jd6zk7ejzfn26l6q

last-modified

Mon, 25 May 2026 02:42:45 GMT → Mon, 25 May 2026 02:40:37 GMT

16 headers unchanged

+ AngularJS JavaScript frameworks

+ Cloudflare Turnstile Security

− PWA Miscellaneous

− React JavaScript frameworks

− Open Graph Miscellaneous

− React Router JavaScript frameworks

− Bootstrap Framework

4 technologies unchanged

Looking ahead

+12 pts

B (85) Could reach A+ (97)

Security +21SEO +15Accessibility +13Compliance +10Sustainability +10Performance +6Content +4Infrastructure +4

Estimate — actual results may vary (35 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 87 → 85 -2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$1,458 in development time

Investment remaining

$4,317 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	87 (B)	85 (B)	-2
Performance	94 (A)	94 (A)	0
Security	85 (B)	79 (C)	-6
Accessibility	80 (B)	84 (B)	+4
SEO	96 (A)	85 (B)	-11
Infrastructure	92 (A)	94 (A)	+2
Compliance	63 (D)	70 (C)	+7
Content	99 (A+)	76 (C)	-23
Sustainability	88 (B)	88 (B)	0

Resolved (13)

Privacy Policy not detected (Compliance)
→ Reduced regulatory exposure
https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time (Performance)
→ Page loads faster for users
1 publicly-accessible JavaScript source map(s) (Security)
→ Reduced attack surface for visitors
Unattributable: 380ms CPU time (Performance)
→ Page loads faster for users
Heading level skipped: H1 → H3 (missing H2) (Accessibility)
→ Improved usability for assistive technology users
Login form does not contain a recognizable CSRF token (Security)
→ Reduced attack surface for visitors
3 field(s) would benefit from inputmode attribute (Accessibility)
→ Improved usability for assistive technology users
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
→ Improved usability for assistive technology users
3 field(s) missing recommended autocomplete attribute (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/assets/index-C48drCrh.js: 260 KB unused (63%) (Performance)
→ Page loads faster for users
No privacy policy link detected (Compliance)
→ Reduced regulatory exposure
<iframe> missing title attribute (src="") (Accessibility)
→ Improved usability for assistive technology users

Recommended next steps (35)

Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
Transfer efficiency: 42% (Sustainability)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
Bare server default 404 page (Accessibility)
Sprint 3
https://xpenv.com/assets/index-7YzAFMRA.js: 260 KB unused (63%) (Performance)
Sprint 1
No internal links found (SEO)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 279ms CPU time (Performance)
Sprint 3
Thin content — only 47 words (SEO)
Sprint 1
External script from challenges.cloudflare.com lacks integrity attribute (Security)
Sprint 1
https://xpenv.com/assets/index-7YzAFMRA.js: 411ms CPU time (Performance)
Sprint 1
No meta description tag found (SEO)
Sprint 1
2 link(s) open in new tab without warning (Accessibility)

…and 20 more recommended item(s)

Browse & Analyze

Learn